Internet, i.e., web, applications, systems and services are increasingly becoming prone to cyber-attacks which cost business institutions in downtime, repairs, monitoring and general public relations, and can, in instances, have a crippling effect on a business' ability to effectively operate via the internet.
Many cyber-attacks begin with hackers utilizing fuzzers, i.e., fuzzing, to search for vulnerabilities in a web-based system, i.e., internet, or web, site. Fuzzers use a technique, often automated or semi-automated, that involves providing invalid, unexpected and/or random data to the inputs of one or more pages of a web site. Known fuzzer technologies work by randomly scanning a web site being attacked attempting to uncover vulnerabilities in a web site page that can be exploited to crash the web site or commandeer the site for the attackers' own purposes.
Fuzzing technologies can also, therefore, be utilized by business institutions to test their web sites for vulnerabilities in order to find and correct existing issues before a cyber attacker has a chance to discover and exploit them. However, due to the random nature of known fuzzer technologies it often takes a considerable amount of time for these techniques to be used to legitimately discover vulnerabilities on a web site, if they can uncover any at all.
Thus it is desirable to adapt fuzzing technologies to intelligently traverse a web site and identify web pages on a site that have or may have vulnerabilities. It is further desirable to utilize fuzzing technologies in an expedient manner in order to assist in minimizing the time these fuzzers require for discovering vulnerabilities on a web site. It is also advantageous to utilize historical fuzzing test results for a web site to ensure the web site is adequately checked for issues that may exist but have as yet to be identified.